What is CEO fraud?
CEO fraud is a phenomenon that has been seen at large institutions for several years, but now also affects small businesses and associations. In CEO fraud, a cybercriminal assumes the identity of the CEO in order to make payment requests to the executive secretary, CFO or other individuals within the company with payment authority. In this way, criminals can have very large sums of money sent to foreign accounts.
How does CEO fraud work?
To successfully commit CEO fraud, the hacker or cybercriminal first needs to investigate how the company and its employees communicate with each other. He must understand how employees greet each other, what kind of emails are sent back and forth, and what the policies are before a payment is made.
In addition, the criminal can also monitor social media profiles. Often, he has previously sent multiple emails to the company to find out who decides on which payments and how the emails are structured and worded.
As a company, how can you prevent CEO fraud?
If you want to protect your company or association from CEO fraud, there are a few steps you can take.
- When the CEO sends a payment request, it is a good idea to call the CEO or business owner for confirmation, or to make the payment at his or her desk.
- You should always check the sender of the e-mail. The sender may contain important hints: the CEO's name may be misspelt, or the e-mail may come from a Gmail or other free email address.
- If you receive a payment request from another company, call to confirm the request. Use the phone number you have on file – and NOT the phone number in the e-mail.
- As a business, it is important for your company to have certain procedures for payments. It can be difficult for criminals to follow these procedures.
- Get an extra layer of protection from your bank. Let your bank know what kinds of transactions might be considered normal for your business or enterprise. That way, artificial intelligence using machine learning can flag certain payments as unusual or suspicious so they can be stopped. For example, if your company never transfers money abroad, your bank can stop payment to a foreign account. If the payment is known, all you have to do is call your bank and the payment can be made without any problems.
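The sender check from the list above can be partly automated at the mail gateway or in a mailbox rule. The following Python is an added example, not part of the original article; the company domain, executive name, free-mail list, similarity threshold and sample messages are all constructed assumptions, and the "external domain" warning goes slightly beyond the free-mail case the article names.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumed values, constructed for this example.
COMPANY_DOMAIN = "example-corp.test"
EXECUTIVES = {"Anna Peeters"}
FREE_MAIL = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com"}
NAME_THRESHOLD = 0.85  # assumed cut-off for "looks like an executive's name"

def similarity(a, b):
    """Ratio in [0, 1]; 1.0 means identical when case is ignored."""
    return SequenceMatcher(None, a.lower(), b.lower()).ratio()

def check_sender(raw_message):
    """Return a list of warnings for the From header of one raw e-mail."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    best = max((similarity(display, n) for n in EXECUTIVES), default=0.0)
    warnings = []
    if best < NAME_THRESHOLD:
        return warnings  # display name does not resemble an executive
    if best < 1.0:
        warnings.append("executive name is misspelt")
    if domain in FREE_MAIL:
        warnings.append("executive name on a free e-mail address")
    elif domain != COMPANY_DOMAIN:
        warnings.append("executive name on an external domain")
    return warnings

# Constructed sample messages (not real mail).
SAMPLES = [
    'From: "Anna Peters" <anna.peeters@gmail.com>\nSubject: Urgent payment\n\nPay today.',
    'From: Anna Peeters <anna.peeters@example-corp.test>\nSubject: Budget\n\nSee attached.',
    'From: "Jan Janssens" <jan@gmail.com>\nSubject: Hello\n\nHi.',
    'From: "Anna Peeters" <a.peeters@payments-example.test>\nSubject: Invoice\n\nPay now.',
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(check_sender(raw))
```

A warning from this check is a reason to confirm the request by phone, not a replacement for that call: a message sent from a compromised internal mailbox would pass it.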
What if you are the victim of a CEO fraud?
If you are lucky and act quickly, you can contact your bank and stop the payment. If you wait too long, you may lose your money because there is no one you can hold liable. It is therefore important to call your bank's fraud number.
But as with many cyber-security problems, prevention is far better than cure.